CVE-2024-35690— WordPress Widget Options plugin <= 4.0.1 - Subscriber+ User Meta Data Exposure Vulnerability
Possible ATT&CK Techniques 1AI
T1530 · Data from Cloud StorageAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| MarketingFire | Widget Options | n/a≤ 4.0.1 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-35690
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WordPress Widget Options plugin <= 4.0.1 - Subscriber+ User Meta Data Exposure Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through 4.0.1.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过发送数据的信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
Marketing Fire Widget Options 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Widget Options是美国Marketing Fire公司的一款服务器软件。 Marketing Fire Widget Options 4.0.1及之前版本存在信息泄露漏洞,该漏洞源于将敏感信息插入到发送的数据中,可能导致检索嵌入式敏感数据。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| MarketingFire | Widget Options | n/a ~ 4.0.1 | - |
II. Public POCs for CVE-2024-35690
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-35690
请登录查看更多情报信息。
News Coverage for CVE-2024-35690 (1)
IV. Related Vulnerabilities
Same product: Widget Options
Same vendor: MarketingFire
- CVE-2026-2052
Widget Options <= 4.2.2 - Authenticated (Contributor+) Remot - CVE-2025-8483
Discussion Board – WordPress Forum Plugin <= 2.5.5 - Authent - CVE-2025-10580
Widget Options – The #1 WordPress Widget & Block Control Plu - CVE-2024-8672
Widget Options – The #1 WordPress Widget & Block Control Plu - CVE-2023-36520
WordPress Editorial Calendar Plugin <= 3.7.12 is vulnerable
Same weakness: CWE-201
- CVE-2026-22551
Eclipse Theia <1.71.0信息泄露漏洞 - CVE-2026-52698
WordPress PushEngage – Web Push Notifications, eCommerce Aut - CVE-2026-34888
WordPress Bricksforge plugin <= 3.1.8.4 - Sensitive Data Exp - CVE-2026-27868
PUBLICATION OF SENSITIVE INFORMATION ON REGESTA SMART HD-PLC - CVE-2026-54197
WordPress GetGenie plugin <= 4.4.1 - Sensitive Data Exposure
V. Comments for CVE-2024-35690
No comments yet